Search code examples
azuremicrosoft-graph-api

Get defaultUserRolePermissions using microsoft graph api

I want to get details of defaultUserRolePermissions resource type through Microsoft graph Api. I want that data shown in image below:

enter image description here

Solution

  • To get default user role permissions using Microsoft Graph API, you can run below graph query:

    GET https://graph.microsoft.com/beta/policies/authorizationPolicy?$select=defaultUserRolePermissions

    I have these settings configured for the users in my directory:

    enter image description here

    When I ran below query in Graph Explorer with Policy.Read.All permissions, I got required details successfully in response like this:

    GET https://graph.microsoft.com/beta/policies/authorizationPolicy?$select=defaultUserRolePermissions

    Response:

    enter image description here

    {
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authorizationPolicy(defaultUserRolePermissions)",
    "value": [
        {
            "defaultUserRolePermissions": {
                "allowedToCreateApps": true,
                "allowedToCreateSecurityGroups": true,
                "allowedToCreateTenants": true,
                "allowedToReadBitlockerKeysForOwnedDevice": true,
                "allowedToReadOtherUsers": true
            }
        }
    ]
}

    Reference: Get authorizationPolicy - Microsoft Graph